Every day I do a search that searches this:
I know how to filter for a specific event so, for example, I always run this:
And every day I get about 25,000 hits, 24,000 of which are of this type:
source=wineventlog:* earliest_time=-24h "Type=Success"
I'd like to filter out the 24,000 successes and instead show me the 1,000 events that are not of "Type=Success" How can I do that?